1. 首頁
  2. 問答
  3. PHP - 文件編輯窗體顯示空白

PHP - 文件編輯窗體顯示空白

2017-03-17 88 views
0

我想製作一個編輯文件窗體,您可以選擇不同的文件上傳並替換上一個文件。這是我的代碼。PHP - 文件編輯窗體顯示空白

<?php 
require("config.php"); 
$id = $_GET['id']; 

$sql = "SELECT * FROM contracts WHERE id= '$id'"; 
$result = $con->query($sql); 
while ($row = $result->fetch_assoc()) 
{ 
?> 

<html><head></head> 
<body> 

<form method="GET" action="" enctype="multipart/form-data"> 

    ID: <?php echo $id; ?><br> 
    <input type="hidden" name="id" value="<?php echo $id; ?>" /> 

    Upload File: 
    <input type="file" name="upload" value="<?php echo $row($_FILES['name']) ?>"/><br> 
    <input type="submit" name="submit" value="Submit"/> 
</form> 
</body> 
</html> 

<?php 
} 

if(isset($_GET['edit']) ){ 


if ($_FILES['upload']['size'] != 0){ 

$filename = $con->real_escape_string($_FILES['upload']['name']); 
$filedata= $con->real_escape_string(file_get_contents($_FILES['upload']['tmp_name'])); 
$filetype = $con->real_escape_string($_FILES['upload']['type']); 
$filesize = intval($_FILES['upload']['size']); 

$query = "UPDATE `contracts` set `filename` = '$filename',`filedata` = '$filedata', `filetype` = '$filetype',`filesize` = '$filesize' WHERE `id` = '$id' " ; 

if ($con->query($query) == TRUE) { 
echo "<br><br> New record created successfully"; 
} else { 
    echo "Error:<br>" . $con->error; 
} 

} else { 

$filename = $con->real_escape_string($_FILES['upload']['name']); 
$filetype = $con->real_escape_string($_FILES['upload']['type']); 
$filesize = intval($_FILES['upload']['size']); 

$query = "UPDATE `contracts` set `filename` = '$filename', `filetype` = '$filetype',`filesize` = '$filesize' WHERE `id` = '$id' " ; 

if ($con->query($query) == TRUE) { 
echo "<br><br> New record created successfully"; 
} else { 
echo "Error:<br>" . $con->error; 
} 

} 
$con->close(); 
} 

?>

當我去了頁面,它只顯示空白。像這樣edit file error

有人能告訴我我做錯了什麼嗎?

來源

2017-03-17 MechaMetalHead

+1

你不能上傳文件用GET方法。 –

+1

**警告**:使用'mysqli'時,應該使用[參數化查詢](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param']( http://php.net/manual/en/mysqli-stmt.bind-param.php)將用戶數據添加到您的查詢中。 **不要**使用手動轉義和字符串插值或串聯來實現此目的,因爲您將創建嚴重的[SQL注入漏洞](http://bobby-tables.com/)。意外地未經轉義的數據是一個嚴重的風險。 – tadman

+0

請儘量避免像'== TRUE'這樣不必要的東西混淆你的代碼的習慣。許多函數被設計爲返回值爲真的值,以便字面比較是多餘的。 – tadman

回答

0

正確編碼應

Upload File: 
    <?php echo $row['filename'] ?> 
    <input type="file" name="upload"/><br> 
    <input type="submit" name="edit" value="Submit"/>

來源

2017-03-17 03:26:14 MechaMetalHead

相關問題

 相關問題